In Src/hist.c on line 1668 there is a NULL pointer dereference because
GNU canonicalize_file_name returns NULL on some errors.
In the attachment you will find a small patch that fixes that bug.

Thanks!

I've looked at the code and it bails out for a couple of errors in
`errno'. I've looked at how canonicalize_file_name() is implemented by
glibc, and it's just shorthand for "realpath(foo, NULL)". So at least
on GNU systems the errors from realpath(3) apply to
canonicalize_file_name(), too. Here's the current standard:
<http://pubs.opengroup.org/onlinepubs/9699919799/functions/realpath.html>
I don't know if it's worth checking all those or just go with bailing
out if `real' is NULL.
Both HAVE_REALPATH and HAVE_CANONICALIZE_FILE_NAME use a `real' pointer,
so I think the "if (!null)" test should be in there unconditionally,
without the `#ifdef'.
Comments?

Hi,

in the HAVE_REALPATH branch, real is not a pointer, but is defined as
real[PATH_MAX], so it cannot be NULL.
We can make the if unconditional, but it's quite useless (because it's
always false in the HAVE_REALPATH branch).